1. Please do not run any other tools unless instructed.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.

P2P Warning

Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Ares, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use. When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation. If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.

Step 1

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Vista/Win7 users should right click on the icon and select Run as Administrator.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If running Vista/Win7, you will not see the recovery console screens as they are Win XP related

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Been there, done that, got the t shirt. Now they're older and left home, I don't have that worry anymore.

A quick question before I continue....... Did you actually install this yourself? ..... Bee Coupons
There's very little info on it. (which isn't always a good thing!)
It seems to have been installed along with Bench .... which is a Wireless Key Generator.
Did you install Bench or did your son?

Ok, let's see if we can deal with this then. There does seem a lot to do here, but it won't take too long. Take each step at a time and any questions just shout.

We need to run a Combofix script.... this would have been easier if Combofix had been downloaded to the Desktop. (you'll see why when we get to the script)

Running from: c:\users\Lynn\Downloads\ComboFix.exe

So to make it easy for you, we need to move the Combofix program to the Desktop.
Navigate to:
c:\users\Lynn\Downloads\ComboFix.exe
Make sure that the page is not maximized. (use the middle icon on the page... top right hand corner. half size will do nicely) and make sure you can see the Desktop as well.
Now right click on the Combofix icon, hold the right click button and drag the icon to the Desktop.
Release the right click button and select 'Move Here' from the menu that comes up. (left click)
You should now have Combofix on your Desktop.

Step 1

Close any open browsers.
Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C

Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).

It will close all programs when run, so make sure you have saved all your work before you begin.

Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.

Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Your Desktop icons will disappear while TFC is running, this is normal and they will return when it's finished.

Step 3

Please reset the Google Chrome Browser:

To reset Google Chrome

Click the Menu option button at the top right of the Google Chrome screen

In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

Resetting your browser settings will impact the settings below:

Default search engine and saved search engines will be reset to their original defaults.
Homepage button will be hidden and the URL that you previously set will be removed.
Default startup tabs will be cleared. The browser will show a new tab when you startup or continue where you left off if you're on a Chromebook.
New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
Pinned tabs will be unpinned.
Content settings will be cleared and reset to their installation defaults.
Cookies and site data will be cleared.
Extensions and themes will be disabled.

Step 4

Please run another FRST scan and post the report for me.
Before you press the Scan button, look below it and make sure there's a tick against Addition.txt.
If not, just tick it.
Now press the scan button.
It will produce 2 reports as before.

In your next reply, please submit:
New Combofix.txt
new reports from Frst
and let me know if Chrome is any better now we have reset it.

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-05 20:01:14.952

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-05 20:01:14.858

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-05 20:01:14.749

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-01 21:46:37.422

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-01 21:46:37.307

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

I see that you moved Combofix ok. Unfortunately the fix wasn't run.... the normal Combofix was run. That's why some of the entries are still showing in the report. Not to worry though, we'll remove them with FRST.

Did you remove Bench, because it's no longer showing in the reports?

Chrome seems much better so far!

That's good. The report is showing that Chrome may still need some work though.

Step 1

Please download the attached fixlist.txt (bottom of this post) file and save it to the Download folder.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work. That is why I stated the Download folder, as that is where FRST is located.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Re-run FRST/FRST64 and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.